For me or any cybersecurity professional to help you, we need to understand your infrastructure (networking hardware, operating systems, peripheral devices, application software in use, host-based security solutions in use, mobile devices in use, number of users, etc.). We will also need to look at the training needs of your workforce and the policies you have in place for your workers with regard to network access and use. And then we’ll have to look at the data that you are trying to protect. I know this sounds like a lot of information, but regardless of whether your business is large or small, there are a lot of things to take into consideration.
We can implement many configuration settings to secure your data, your network, and endpoints. However, unless your users are well trained and you have well-defined policies and procedures for your sensitive information and your network, you are sure to have weak links in your security.
I know you’re also concerned about email security, which is one of the most common ways used to enter a network. I’m happy to make some recommendations which will be easy for you to implement.
- Do you use commercial email providers such as Gmail, Yahoo, or Hotmail?
- Do you use an email service provided by your ISP?
- Do you have a private email server?
- Do you access your email using a browser or do you use an email client?
The answers to these questions will help determine the best way to help you improve your email security.
There are some easy steps you can implement today regardless of how you’re set up.
First and foremost, you need to understand how vulnerable you are when you do not exercise strict email hygiene. What I mean by that is that you must not open any attachments or click on any links in unsolicited emails. You also need to be just as wary of attachments or links in emails sent to you by people you know, because they may not be as disciplined as you are in their email hygiene. They may send you a cute PowerPoint, or a funny meme, or a hyperlink to an article they found interesting on some website. You never know which attachment or link is also going to contain an exploit that can infect your computer and your network.
You might be safe; you might not be safe. You need to educate yourself to understand spam and phishing emails. In this case, I would say that education and discipline are probably your best defense. I would also recommend you invest in host-based security software that will scan attachments in all your emails for malware.
I always like to give my potential clients something that will help them today, so I would like to leave you with these tips. In Louisiana, we would call this lagniappe.
Best Router Security Practices
- Change your router’s default password and make sure it’s a good complex password.
- Change the default admin ID if you can. Unfortunately, many consumer-grade routers will not allow you to do this.
- Ensure you update the router’s firmware.
- Change the default network name for all three access modes (Ethernet, Wi-Fi 2.5 GHz, Wi-Fi 5.0 GHz).
- Set up WPA2 for your Wi-Fi and make sure you use a password that is complex.
- Disable any Guest access network when it’s not needed.
- Use parental controls if you want to establish hours of available Internet access for specific users.
- Set up and start using a DNS service like OpenDNS, Norton ConnectSafe for Home, or Comodo Secure DNS to filter out pornography and other unwanted content.
- Enable logs so you will have access to reports that will help you troubleshoot problems.
- Set the maximum number of available IP addresses to the number of devices on your network.
- Enable MAC filtering to help ensure that only the devices you specifically authorize can access your network, and so you can keep the neighbor’s kid (or the neighbor, for that matter) from using your network without your permission.
I know some of my friends from the world of cybersecurity will say MACs can be spoofed…and so they can. But why make it easier when you can make it more challenging for someone to try and break in?
- Do not administer your router using a Wi-Fi connection.
- Disable “Access via Wireless” under “Local Management Access.”
- Disable Universal Plug and Play (UPnP)
- Ensure Wi-Fi Protected Access (WPA) is disabled
- Ensure your Firewall is enabled
- Disable VPN Passthrough unless you are in fact using a VPN to access your network.
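To show how the logging, IP address limit, and MAC filtering items above work together, here is an added example (not part of the original article) that audits a router's DHCP lease list against the devices you have authorized. The lease lines follow the dnsmasq lease-file layout; the MAC addresses, hostnames, and address pool are constructed sample values.

```python
import ipaddress

# Constructed sample data: authorised devices and a dnsmasq-style lease list
# (fields: expiry epoch, MAC, IP, hostname, client-id).
AUTHORISED = {"3c:22:fb:10:aa:01": "office-laptop", "a4:83:e7:5b:cc:02": "printer"}
LEASES = """\
1700003600 3c:22:fb:10:aa:01 192.168.1.10 office-laptop 01:3c:22:fb:10:aa:01
1700003700 A4:83:E7:5B:CC:02 192.168.1.11 printer *
1700003800 de:ad:be:ef:00:03 192.168.1.12 * *
1700003900 00:1b:63:84:45:e6 192.168.1.13 unknown-phone *
"""

def normalise(mac):
    """Lower-case, colon-separated form so comparisons are consistent."""
    return mac.strip().lower().replace("-", ":")

def locally_administered(mac):
    """True if bit 0x02 of the first octet is set, meaning the address was
    not assigned by a hardware vendor (randomised or manually configured)."""
    return bool(int(normalise(mac).split(":")[0], 16) & 0x02)

def audit_leases(lease_text, authorised):
    """Return (mac, ip, hostname, reason) for every lease not on the allowlist."""
    allowed = {normalise(m) for m in authorised}
    findings = []
    for line in lease_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        mac, ip, host = normalise(fields[1]), fields[2], fields[3]
        if mac not in allowed:
            reason = "unauthorised MAC"
            if locally_administered(mac):
                reason = "unauthorised, locally administered MAC"
            findings.append((mac, ip, host, reason))
    return findings

def spare_addresses(pool_start, pool_end, authorised):
    """DHCP pool size minus authorised device count; 0 means the pool is tight."""
    first = int(ipaddress.IPv4Address(pool_start))
    last = int(ipaddress.IPv4Address(pool_end))
    return (last - first + 1) - len(authorised)

if __name__ == "__main__":
    for finding in audit_leases(LEASES, AUTHORISED):
        print(finding)
    print("spare pool addresses:", spare_addresses("192.168.1.10", "192.168.1.13", AUTHORISED))
```

A device that clones an authorized MAC address will not show up in this audit, which is why the WPA2 password remains the real access control and MAC filtering is only an extra hurdle.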
I love small business owners and understand the financial constraints many of them work under. If they are on a tight budget but need help, I do everything I can for free or within their budget… I also point them to the NIST (National Institute of Standards & Technology) Special Publications (800) series focused on small business owners as well as my personal website. There are a lot of free resources developed for small business owners.